diff --git a/rack-protection/lib/rack/protection/frame_options.rb b/rack-protection/lib/rack/protection/frame_options.rb
index 70e1eae1..265e12be 100644
--- a/rack-protection/lib/rack/protection/frame_options.rb
+++ b/rack-protection/lib/rack/protection/frame_options.rb
@@ -2,7 +2,11 @@ require 'rack/protection'
 module Rack
 module Protection
- class FrameOptions < Base
+ class FrameOptions < XSSHeader
+ default_options :frame_options => :sameorigin
+ def header
+ { 'X-Frame-Options' => options[:frame_options].to_s }
+ end
 end
 end
 end
diff --git a/rack-protection/lib/rack/protection/xss_header.rb b/rack-protection/lib/rack/protection/xss_header.rb
index e57ea576..af30d189 100644
--- a/rack-protection/lib/rack/protection/xss_header.rb
+++ b/rack-protection/lib/rack/protection/xss_header.rb
@@ -1,20 +1,17 @@
+require 'rack/protection'
+
 module Rack
 module Protection
- class XSSHeader
- HEADERS = {
- 'X-XSS-Protection' => '1; mode=block',
- 'X-Frame-Options' => 'sameorigin'
- }
+ class XSSHeader < Base
+ default_options :xss_mode => :block
- def initialize(app, options)
- @app = app
- @headers = HEADERS.merge(options[:xss_headers] || {})
- @headers.delete_if { |k,v| !v }
+ def header
+ { 'X-XSS-Protection' => "1; mode=#{options[:xss_mode]}" }
 end
 def call(env)
 status, headers, body = @app.call(env)
- [status, @headers.merge(headers), body]
+ [status, header.merge(headers), body]
 end
 end
 end
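Review bot: `header` in FrameOptions sends whatever `options[:frame_options]` holds, so a falsy or mistyped setting produces a value browsers ignore instead of a correct or absent header. The XSSHeader code removed in the other file dropped entries with a falsy value (`delete_if { |k,v| !v }`), whereas `false.to_s` now yields `X-Frame-Options: false`; the recognised values are `DENY`, `SAMEORIGIN` and the obsolete `ALLOW-FROM uri`. I would omit the header for a falsy option, `value = options[:frame_options]` followed by `value ? { 'X-Frame-Options' => value.to_s } : {}`, and put a comment above `default_options` listing the accepted values. FrameOptions may also inherit XSSHeader's `:xss_mode` default, depending on how `Base.default_options` treats subclasses, which is not visible here.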
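Review bot: XSSHeader no longer sends `X-Frame-Options` and no longer reads `:xss_headers`, so a stack that mounts only this middleware silently loses its framing header, and a caller still passing `:xss_headers` is presumably ignored unless Base rejects unknown options. A comment above the class would make the split explicit, for example `# X-Frame-Options is now set by Rack::Protection::FrameOptions; :xss_headers is no longer read.` The `options[:xss_mode]` value is interpolated into the header unchecked, and `block` is the only mode browsers define after `1; mode=`, so a short note next to `default_options` saying so would help. The closing `end` of `module Rack` lies outside the hunk.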